diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml
index 63c80e4b..f0ae5ad3 100644
--- a/.github/workflows/scorecards-analysis.yml
+++ b/.github/workflows/scorecards-analysis.yml
@@ -31,9 +31,11 @@ jobs:
     name: "Scorecards analysis"
     runs-on: ubuntu-latest
     permissions:
-      security-events: write    # Needed to upload the results to the code-scanning dashboard.
+      # Needed to upload the results to the code-scanning dashboard.
+      security-events: write
       actions: read
-      contents: read
+      id-token: write # This is required for requesting the JWT
+      contents: read  # This is required for actions/checkout
 
     steps: